Applied Defense on Docker & Kubernetes

November 18th @ 19:00 - 21:00 (GMT +4) // HITB CommSec Track


Skill Level








Containers are a big revolution in the software industry. They bring production to the local environment without compatibility concerns: with a few commands anyone can have containers running on their machine. When used locally, containers seem neither complex nor complicated to secure, and developers have the power of packaging applications that will behave exactly as tested. Enterprises can then split them into scalable microservices.

However, this changes when the ecosystem grows dramatically and thousands of containers with a variety of roles and flavours are orchestrated to maintain availability. While these huge environments have great benefits, their complexity enlarges the attack surface exponentially. A single misconfiguration in any of the infinite customization features they offer can cause chaos. So what can be done to protect these containerized realms?

This workshop will explain how to implement advanced security features to secure the Docker daemon, its core components, container execution and Kubernetes orchestrated environments.


  • Kernel namespaces
  • Kernel capabilities
  • Mandatory Access Controls
  • Container UID & GID
  • Userns-remap
  • Distroless
  • API Authentication
  • API Authorization
  • Security Context
  • Security Policies
  • Network Policies


Who should attend?

Containerization and orchestration have dramatically changed the way in which today’s technologies are deployed and managed. Defense techniques require reinvention and security professionals must now acquire the necessary skills to protect these environments. We encourage Security Analysts, Architects, DevOps Engineers and anyone curious about how to secure these technologies to join this workshop.


Students will walk away having learned the advanced security features of Docker & Kubernetes.


Security Researcher, Dreamlab Technologies

Sol Ozzan

A Computer Science dropout working as a Security Researcher at Dreamlab Technologies. She has worked as a Developer, Ops Engineer, Software Architect and Security Analyst. Sol has participated in Black Hat, Hack In The Box, Ekoparty and other conferences, teaching about Docker & Kubernetes security.

When Sol is not hacking for food she is competing in CTFs, organizing free-pass security conferences and helping empower projects that bring diversity to the InfoSec community and grow open-source InfoSec projects.